Facebook data collection under fire again
A German data protection agency is concerned Facebook is collecting data in violation of E.U. law
IDG News Service - A German privacy protection authority is calling on organizations there to close their Facebook fan pages and remove the social networking site's "Like" button from their websites, arguing that Facebook harvests data in violation of German and European Union law.
The Independent Centre for Privacy Protection (ULD), the privacy protection agency for the German state of Schleswig-Holstein, issued a news release on Friday saying Facebook builds a broad, individualized profile for people who view Facebook content on third-party websites.
Data is sent back to Facebook's servers in the U.S., which the agency alleges violates the German Telemedia Act, the German Federal Data Protection Act and the Data Protection Act of Schleswig-Holstein. The agency alleges the data is held by Facebook for two years, and wants website owners in the state to remove links to Facebook by the end of next month or possibly face a fine.
ULD officials could not be reached on Tuesday for comment. Facebook said in a statement that it firmly rejected allegations that it is in violation of E.U. data protection standards.
"The Facebook Like button is such a popular feature because people have complete control over how their information is shared through it," the company said in a statement. "For more than a year, the plugin has brought value to many businesses and individuals every day. We will review the materials produced by the ULD, both on our own behalf and on the behalf of web users throughout Germany."
Third-party websites use Facebook's "Like" button -- known generally as a "social plugin" -- as a means of promotion, letting their visitors share information they find useful through their own Facebook profiles. When a Facebook user clicks the Like button, it will result in a "story" within the user's News Feed on Facebook, along with a link to the website.
When the Like button is displayed on a third-party website, Facebook collects data including the user's computer operating system and IP (Internet protocol) address -- and, if the user is logged in to Facebook, their Facebook user ID. Facebook delivers information back to the website using the button, including the number of Likes. It also supplies demographic information, such as the percentage of visitors by gender, their age range, language, city and country.
Facebook retains logs of the IP addresses of logged-out members for 90 days before deleting them, which is an industry-accepted time frame, Facebook has said.
Facebook also allows advertisers to purchase campaigns using items that people "Like" as denoted on their profiles, something the company terms "Interests Targeting."
The move by the ULD is the latest problem for Facebook in Germany, which has undertaken close examinations of social networking services for potential privacy violations.
Earlier this month, Hamburg's Data Protection Agency (DPA) sent a letter to Facebook saying the social networking site should get users' consent before their biometric data, used to enable the automatic photo tagging feature, is stored.
Users can opt out of the feature, but the DPA claims that the process is unclear. The DPA contends that E.U. privacy regulations require that users give their consent before their data is stored, including the data used to enable tagging. Facebook said it rejects any claim it is not meeting E.U. law.
Send news tips and comments to email@example.com
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!